Security
CVE-2020-1938 Ghostcat
UPDATE (4/28/2020): Cascade CMS 8.15 contains an updated version of Tomcat that addresses this vulnerability. The information below can still be useful for organizations that have not had a chance to upgrade to Cascade CMS 8.15+ yet or that happen to be proxying with Apache, Nginx, etc. (and...
CVE-2021-44228 Log4Shell
In summary, Log4j versions prior to 2.15.0 are subject to a remote code execution vulnerability via the ldap JNDI parser. As per Apache's Log4j security guide: Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled...
CVE-2021-4104
In summary, a flaw was found in the Java logging library Apache Log4j in version 1.x. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender. This flaw has been filed for Log4j 1.x, the corresponding flaw information for Log4j...
CVE-2021-45046 Log4Shell
In summary, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with...
CVE-2021-45105 Log4Shell
In summary, Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This...
CVE-2022-23302 JMSSink
In summary, JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a...
CVE-2022-23305 JDBCAppender
In summary, by design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering...
CVE-2022-23307 Chainsaw Package
In summary, CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. (Source: National Vulnerability Database)
CVE-2022-22965 Spring4Shell
In summary, from the National Vulnerability Database: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a...
"Remember Me" Cookied Login Vulnerabilities
We have identified several weaknesses in the cookied login process that would allow a sophisticated attacker to access the CMS as another user using only "remember me" cookies. Cookie authenticity: Cookies were not expired or validated on the application side. It was previously possible to...